Section 1 - AGCO Compliance Approach
1.1 Risk and Outcomes based Standards
The Registrar’s Standards for Internet Gaming (the “Standards”) are risk-based and outcome-focused.
Risk-based refers to the regulatory risks underlying the Standards. It is expected that by achieving the regulatory objectives reflected in the Standards, the registrant’s established control environment will address these regulatory risks.
Outcome-focused means that our Standards emphasize the results that igaming operators and GRSs are expected to achieve, rather than prescriptive activities that must be carried out. Accordingly, we expect operators and GRSs to have effective control activities in place to achieve the outcomes set out in the Standards.
This focus on risks and outcomes in the Standards provides greater flexibility for individual operators and GRSs to design control activities that fit their business operations and then to adapt those controls quickly and cost-effectively as those operations change over time – always ensuring that our outcome-based Standards are being met. It also means that our regulatory program maintains its relevance, even in sectors where change is fast paced, including where technology is deeply integrated in how the business is delivered.
1.2 Risk and Outcomes based compliance
The igaming compliance program is also risk and outcomes-based, and that has important implications for operators and GRSs as described below.
Familiar with all relevant and applicable regulatory requirements
Operators and GRSs are expected to be familiar and in compliance with all requirements of the Gaming Control Act 1992 and all Standards that are relevant and applicable to them, given their type of business, role, and the products and services they provide.
For example: almost all of the Standards will apply to an igaming operator and their platform provider, while GRSs who run critical gaming systems or independent integrity monitors (IIM)2 in sport and event betting will be subject to more focused subsets of the Standards.
Information on which standards might be commonly applicable to different types of registrants is provided in Appendix B. This information is for general guidance purposes only and should not be taken as conclusive direction from the AGCO. The circumstances of each registrant are different and registrants are responsible for identifying the standards and requirements that apply to them.
Effective Controls to be in place
The AGCO’s regulatory framework provides greater flexibility but also comes with heightened accountability for those we regulate. We expect igaming operators and GRSs to have control environments in place that are consistently capable of achieving the AGCO’s regulatory outcomes and that they:
- Regularly assess and validate the effectiveness of their control environments against the Standards, proactively addressing issues or gaps, and reporting substantial changes in the control environment to the AGCO.
- Regularly assess and validate that their technology meets the Standards, providing the AGCO with appropriate evidence
-
Provide the AGCO with key indicators, information, and documentation to support our understanding of their risk profile.
- Have robust internal compliance monitoring and reporting mechanisms in place.
- Report compliance incidents to the AGCO in a timely and transparent manner as per our Notification Matrix and take steps to ensure that the root causes of non-compliance are accurately determined and addressed in a timely manner that minimizes the likelihood of recurrence.
- Understand that they are responsible for meeting the Standards, regardless of whether they have contracted out functions to third parties.
- Pay particular attention to the key compliance priorities that the AGCO will identify on an ongoing basis (see #4 below)
Our compliance approach involves working collaboratively with operators and GRSs to maintain or, if necessary, re-establish compliance. Where regulatory expectations are not met, the AGCO may use a full spectrum of compliance responses to achieve those goals, including education, warnings, financial penalties, suspensions, and, in the most serious cases, revocations. In cases where severe incidents occur, the AGCO will act proportionately to ensure the public is protected.
Our assessment of compliance risk begins when an application for registration is submitted
Once an application is received, the AGCO assesses risks associated with that application. Considerations include operational and regulatory experience in other jurisdictions, track record of compliance, the applicant’s gap analysis with respect to the Standards (see below), and issues or concerns about individuals or technology. That risk assessment becomes part of the applicant’s ongoing compliance profile and will be used by our compliance teams to inform their monitoring activities.
As part of the registration process, all applicants must confirm they will abide by the Standards. This includes confirming that goods, services, and technology deployed by or provided to the applicant by third party GRSs will be in compliance.
In addition, because of their central role, operators are asked at this stage to submit an analysis of their current controls, processes, technology, etc., against the Standards, to identify any gaps, and provide evidence that they have developed a plan to address those gaps. This gap analysis also becomes part of the applicant’s ongoing compliance profile.
Igaming compliance themes and priorities
The Technology Regulation and iGaming Compliance Branch’s responsibilities include:
-
Identifying compliance themes and priorities that will be special areas of interest and focus for the AGCO and its compliance teams; and
-
Designing effective, targeted, and proactive compliance and risk mitigation activities to address these themes and priorities.
Our compliance priorities will be assessed and updated as the environment evolves. From time to time, the AGCO will communicate additional areas of interest and focus to operator and GRSs to help increase operational awareness.
While registrants are required to comply with the Gaming Control Act, 1992 and all relevant Standards, the following are some of the priority areas from the Standards that the AGCO will be paying particular attention to as we assess applications and review each operator’s Control Activity Matrix and Technology Compliance Confirmation (see Section 3), and then as we monitor ongoing compliance once the Ontario market is underway.
Priority |
Description |
---|---|
Effective Internal Control Environment |
|
Responsible Gambling |
|
Game Design and Integrity |
|
Suspicious or Criminal Activities |
|
Minors |
|
Security and Privacy |
|
In addition to the priorities identified in the table above, we will be closely monitoring for:
- Exiting the unregulated igaming market in Ontario:
- We will be monitoring registrant compliance with the requirement that a) they cease unregulated market operations in Ontario and b) terminate any association they may have with any other company that operates an unregulated scheme in Ontario.
- Advertising, marketing and promotional activity, and exposure of minors:
- The AGCO has not established specific regulatory limits or restrictions on advertising and marketing around overall volume, types of channels, or timing. However, based on our monitoring of industry activity in the months ahead, we will consider additional measures if warranted.
- As part of promotional partnerships, igaming operators or other businesses cannot provide gaming devices or gaming equipment to players to access an igaming site at a physical premises.
- Under Ontario’s legal framework, igaming operators are only permitted to operate gaming sites that are electronic channels. The provision of gaming equipment, such as devices to access gaming (e.g., a tablet or a kiosk) creates a land-based gaming site and is not permitted.
- In Ontario, OLG conducts and manages lottery schemes offered at land-based gaming sites (including casinos, cGaming sites, and lottery), and on its own electronic channel, olg.ca. iGaming Ontario (iGO) conducts and manages the online lottery schemes that are not conducted and managed by OLG, and does not conduct and manage any land-based gaming sites.
2 IIMs receive, assess, and distribute unusual/suspicious betting alerts to entities with which they have an information sharing relationship, including their member sport and event betting operators, the AGCO, and the relevant sport/event governing body. In addition, as directed by the Registrar, IIMs are responsible for facilitating collaboration and information sharing to support the investigation of, and response to, prohibited activity associated with suspicious betting. IIMs may provide their services to, among others, regulators, operators, or gaming related suppliers, but must not have any perceived or real conflicts of interests in performing their role (such as acting as an operator or oddsmaker).